Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/5caab7-0eb0-429f-a7b0-e7d4551c19ab/1/YkDO4VY326alPeMc144EFpzEF_g.roa
File:                     YkDO4VY326alPeMc144EFpzEF_g.roa (raw, json)
Hash identifier:          VrhrRQcNNswVX3V3TCkzS+Bf6K+WCyRfnmqzCenS0tk=
Subject key identifier:   62:40:CE:E1:56:37:DB:A6:A5:3D:E3:1C:D7:8E:04:16:9C:C4:17:F8
Certificate issuer:       /CN=20f0c4ad1c4b0c536ed18723c8a95a348d28bf65
Certificate serial:       018CEA3AF2A2D8CC3D19108CEB90B3D5798F
Authority key identifier: 20:F0:C4:AD:1C:4B:0C:53:6E:D1:87:23:C8:A9:5A:34:8D:28:BF:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IPDErRxLDFNu0YcjyKlaNI0ov2U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/5caab7-0eb0-429f-a7b0-e7d4551c19ab/1/YkDO4VY326alPeMc144EFpzEF_g.roa
Signing time:             Mon 08 Jan 2024 17:59:40 +0000
ROA not before:           Mon 08 Jan 2024 17:59:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59689
IP address blocks:        185.3.128.0/22 maxlen: 22
                          2a02:5cc0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/5caab7-0eb0-429f-a7b0-e7d4551c19ab/1/IPDErRxLDFNu0YcjyKlaNI0ov2U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/5caab7-0eb0-429f-a7b0-e7d4551c19ab/1/IPDErRxLDFNu0YcjyKlaNI0ov2U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IPDErRxLDFNu0YcjyKlaNI0ov2U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 May 2024 02:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ea:3a:f2:a2:d8:cc:3d:19:10:8c:eb:90:b3:d5:79:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20f0c4ad1c4b0c536ed18723c8a95a348d28bf65
        Validity
            Not Before: Jan  8 17:59:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6240cee15637dba6a53de31cd78e04169cc417f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:84:8b:d3:9c:15:8e:1a:40:fd:a9:ac:12:c2:
                    08:9c:51:a5:27:e9:15:bb:fc:64:cc:f5:bb:36:6f:
                    12:bd:72:a6:ad:c6:88:56:67:1c:e3:1d:e4:13:94:
                    e4:50:81:31:0f:90:9c:ec:29:95:6e:49:66:14:50:
                    2e:98:56:ab:88:c6:26:bb:a6:85:bf:6c:1b:cb:59:
                    21:44:01:83:89:ed:9d:61:28:8a:73:de:3e:25:b4:
                    eb:84:97:91:0e:6a:42:dc:3f:c0:0e:1d:8d:f2:e6:
                    e5:f5:46:b2:b9:ca:51:75:bd:33:af:5f:77:3b:c8:
                    bb:d0:b0:20:85:84:4e:57:01:32:33:8f:c5:25:a5:
                    25:b3:de:05:12:29:59:1e:37:46:ca:1f:15:59:98:
                    47:03:db:96:25:f7:dc:41:a9:be:cb:a9:ef:0d:44:
                    95:d7:c2:4d:bb:8f:1c:05:16:f8:b3:28:06:24:d2:
                    09:a9:b2:e2:c1:41:da:96:f9:e6:cf:f6:00:22:ae:
                    c4:68:b7:6a:d4:29:4e:c5:14:f8:af:51:2b:34:4a:
                    94:b9:f1:c2:a2:c2:3a:a6:d1:c0:2e:7c:62:79:76:
                    f8:44:d8:5c:43:09:c5:74:f7:0c:a1:b2:06:a3:30:
                    f5:ad:44:1c:f5:c0:24:6d:46:4e:85:92:e0:45:1a:
                    e7:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:40:CE:E1:56:37:DB:A6:A5:3D:E3:1C:D7:8E:04:16:9C:C4:17:F8
            X509v3 Authority Key Identifier:
                keyid:20:F0:C4:AD:1C:4B:0C:53:6E:D1:87:23:C8:A9:5A:34:8D:28:BF:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IPDErRxLDFNu0YcjyKlaNI0ov2U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/5caab7-0eb0-429f-a7b0-e7d4551c19ab/1/YkDO4VY326alPeMc144EFpzEF_g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/5caab7-0eb0-429f-a7b0-e7d4551c19ab/1/IPDErRxLDFNu0YcjyKlaNI0ov2U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.3.128.0/22
                IPv6:
                  2a02:5cc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         8c:4a:e1:37:e0:be:be:ac:61:e9:aa:aa:5d:65:06:68:94:7c:
         56:2d:84:0b:0b:2b:62:04:fa:ef:d5:40:bf:9a:8c:54:fa:7e:
         43:3f:e9:31:0e:8b:f7:69:07:9f:26:20:92:cc:8a:ca:ba:b0:
         27:3c:9c:e2:22:8c:bd:6b:46:33:c3:d2:24:af:30:bf:32:7e:
         74:e8:2a:a7:a7:7c:d9:98:7c:44:8b:77:21:ce:3f:c8:5f:9f:
         d6:f6:95:51:32:86:be:82:94:ad:cd:9d:cb:8a:f4:89:33:fe:
         31:8b:ac:db:3c:8a:a1:48:46:81:fb:86:28:41:2c:ee:96:ec:
         47:a4:31:4c:99:4d:bf:eb:2e:e5:8a:b8:75:7d:11:b6:a6:2e:
         ab:03:cd:0c:f1:5d:96:d8:e8:c7:66:a3:42:48:73:1b:fe:fb:
         06:c4:6f:8d:c6:0d:7c:14:f5:84:b7:a2:38:92:74:ae:5f:19:
         07:3c:bf:ef:05:d3:be:21:0f:f2:ba:87:68:2c:7f:8d:11:78:
         63:d6:9a:c7:69:61:bf:d1:cd:aa:3e:60:14:c6:90:b3:01:57:
         f7:f5:29:4d:a0:cf:df:33:b7:38:f5:9f:27:b5:85:bf:b5:74:
         b6:ef:0d:e5:80:34:77:d0:11:af:26:88:f3:fe:f2:0c:67:ae:
         92:44:91:e6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzqOvKi2Mw9GRCM65Cz1XmPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwZjBjNGFkMWM0YjBjNTM2ZWQxODcyM2M4YTk1YTM0OGQy
OGJmNjUwHhcNMjQwMTA4MTc1OTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjQwY2VlMTU2MzdkYmE2YTUzZGUzMWNkNzhlMDQxNjljYzQxN2Y4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmYSL05wVjhpA/amsEsIInFGlJ+kV
u/xkzPW7Nm8SvXKmrcaIVmcc4x3kE5TkUIExD5Cc7CmVbklmFFAumFariMYmu6aF
v2wby1khRAGDie2dYSiKc94+JbTrhJeRDmpC3D/ADh2N8ubl9UayucpRdb0zr193
O8i70LAghYROVwEyM4/FJaUls94FEilZHjdGyh8VWZhHA9uWJffcQam+y6nvDUSV
18JNu48cBRb4sygGJNIJqbLiwUHalvnmz/YAIq7EaLdq1ClOxRT4r1ErNEqUufHC
osI6ptHALnxieXb4RNhcQwnFdPcMobIGozD1rUQc9cAkbUZOhZLgRRrnUwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGJAzuFWN9umpT3jHNeOBBacxBf4MB8GA1UdIwQY
MBaAFCDwxK0cSwxTbtGHI8ipWjSNKL9lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVBERXJSeExERk51MFljanlLbGFOSTBvdjJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS81Y2FhYjctMGViMC00MjlmLWE3YjAt
ZTdkNDU1MWMxOWFiLzEvWWtETzRWWTMyNmFsUGVNYzE0NEVGcHpFRl9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS81Y2FhYjctMGViMC00MjlmLWE3YjAtZTdkNDU1MWMxOWFi
LzEvSVBERXJSeExERk51MFljanlLbGFOSTBvdjJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuQOAMA0E
AgACMAcDBQAqAlzAMA0GCSqGSIb3DQEBCwUAA4IBAQCMSuE34L6+rGHpqqpdZQZo
lHxWLYQLCytiBPrv1UC/moxU+n5DP+kxDov3aQefJiCSzIrKurAnPJziIoy9a0Yz
w9IkrzC/Mn506Cqnp3zZmHxEi3chzj/IX5/W9pVRMoa+gpStzZ3LivSJM/4xi6zb
PIqhSEaB+4YoQSzuluxHpDFMmU2/6y7lirh1fRG2pi6rA80M8V2W2OjHZqNCSHMb
/vsGxG+Nxg18FPWEt6I4knSuXxkHPL/vBdO+IQ/yuodoLH+NEXhj1prHaWG/0c2q
PmAUxpCzAVf39SlNoM/fM7c49Z8ntYW/tXS27w3lgDR30BGvJojz/vIMZ66SRJHm
-----END CERTIFICATE-----